Add OP resolution rules (#2753)

2022-05-18 00:03:23 +02:00 · 2022-05-18 00:03:23 +02:00 · 3428cb981f
parent 8b968b5096
commit 3428cb981f
2 changed files with 30 additions and 6 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/OpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/OpenIDConnect.pm
@ -249,14 +249,23 @@ sub extractFormInfo {

        else {

-            # IDP list
-            my $portalPath = $self->{conf}->{portal};
-            $portalPath =~ s#^https?://[^/]+/?#/#;
+            # Try to use OP resolution ruls
+            foreach ( keys %{ $self->opRules } ) {
+                my $cond = $self->opRules->{$_} or next;
+                if ( $cond->( $req, $req->sessionInfo ) ) {
+                    $self->logger->debug("OP $_ selected from resolution rule");
+                    $op = $_;
+                    last;
+                }
+            }

-            $req->data->{list} = $self->opList;
+            unless ($op) {

-            $req->data->{login} = 1;
-            return PE_IDPCHOICE;
+                # display OP list
+                $req->data->{list}  = $self->opList;
+                $req->data->{login} = 1;
+                return PE_IDPCHOICE;
+            }
        }
    }

--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm
@ -41,6 +41,7 @@ use constant OIDC_SCOPES => [qw/openid profile email address phone/];
 has oidcOPList   => ( is => 'rw', default => sub { {} }, );
 has oidcRPList   => ( is => 'rw', default => sub { {} }, );
 has rpAttributes => ( is => 'rw', default => sub { {} }, );
+has opRules      => ( is => 'rw', default => sub { {} } );
 has spRules      => ( is => 'rw', default => sub { {} } );
 has spMacros     => ( is => 'rw', default => sub { {} } );
 has spScopeRules => ( is => 'rw', default => sub { {} } );
@ -90,6 +91,20 @@ sub loadOPs {
        $self->oidcOPList->{$_}->{jwks} =
          $self->decodeJSON( $self->conf->{oidcOPMetaDataJWKS}->{$_} );
    }
+
+    # Set rule
+    foreach ( keys %{ $self->conf->{oidcOPMetaDataOptions} } ) {
+        my $cond = $self->conf->{oidcOPMetaDataOptions}->{$_}
+          ->{oidcOPMetaDataOptionsResolutionRule};
+        if ( length $cond ) {
+            my $rule_sub =
+              $self->p->buildRule( $cond, "OIDC provider resolution" );
+            if ($rule_sub) {
+                $self->opRules->{$_} = $rule_sub;
+            }
+        }
+    }
+
    return 1;
 }